320 matches found
uniglassplus.com Cross Site Scripting vulnerability
Security Researcher metamorfosec Helped patch 1914 vulnerabilities Received 9 Coordinated Disclosure badges Received 31 recommendations , a holder of 9 badges for responsible and coordinated disclosure, found a security vulnerability affecting uniglassplus.com website and its users. Following...
brusselsjazzweekend.be Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-885239 Security Researcher Renzi Helped patch 6742 vulnerabilities Received 8 Coordinated Disclosure badges Received 36 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting brusselsjazzweekend.be websit...
EUVD-2019-4349
An issue was discovered in Joomla! before 3.9.7. The CSV export of comactionslogs is vulnerable to CSV injection...
The vulnerability of the Dr.Web Enterprise Security Suite antivirus protection, related to errors in processing the relative path to the directory, allows a hacker to execute arbitrary code.
The vulnerability of the Dr.Web Enterprise Security Suite antivirus protection lies in errors in processing the relative path to the catalog during the export of repository content into an archive. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the server by...
IBM Robotic Process Automation with Automation Anywhere Arbitrary Command Execution Vulnerability
IBM Robotic Process Automation with Automation Anywhere is a process automation solution developed by IBM USA and Automation Anywhere. A security vulnerability exists in IBM Robotic Process Automation with Automation Anywhere version 10.0, which stems from the program's failure to properly encode...
Shopy Point of Sale v1.0 - CSV Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Shopy Point of Sale v1.0 - CSV Injection Exploit Author: 8bitsec CVE: CVE-2018-10258 Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/shopy-point-of-sales/21730225 Version: 1.0 Tested on: Kali...
Open-AudIT CSV Injection Vulnerability
Open-AudIT is a network discovery and auditing program. The program intelligently scans networks and network devices and provides status reports. A security vulnerability exists in the export function in versions prior to Open-AudIT 2.2. An attacker can exploit the vulnerability to inject Windows...
Convert Forms CSV Injection Vulnerability in Joomla!
Joomla! is the United States Open Source Matters team developed a set of open source content management system CMS. A CSV injection vulnerability exists in Joomla! Convert Forms 2.0.3 and earlier versions. When a user with elevated privileges exports form data in CSV format, an attacker can explo...
Trello: CSV injection [N/A]
Hello, We can inject commands in the name field of a board =210 or =cmd|'/C calc'!AO for example, and when it's exported to CSV it will be evaluated to 20 in the corresponding cell, this enables an attacker to spread malware and execute system level commands on a victim's machine if the victim...
CSV Injection
keystone is vulnerable to CSV injection attacks. These attacks are possible because of a mishandled value during the exporting of a CSV file...
Framadate CSV Export Input Validation Vulnerability
Framadate is a free polling software developed by the Framadate team.CSV Export is one of the CVS Comma Separated Values export components. A security vulnerability exists in CSV Export in Framadate version 1.0. An attacker can exploit this vulnerability to obtain information and execute code...
CVE-2017-4979
EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports...
DEBIAN-CVE-2016-6617
An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions prior to 4.6.4 are affected...
DEBIAN-CVE-2016-6611
An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...
Portal Apache Jetspeed 2.3.0 and earlier versions: a remote code execution vulnerability analysis-vulnerability warning-the black bar safety net
! As my personal“friendship detect open source software security”one of the projects I'm ready to play play the Apache Jetspeed 2, which v2. 3 0 one. Jetspeed this stuff, used those words, that is: “An open portal platform and enterprise information portal, completely based on open standards,...
SaaS Marketing platform Hubspot export vulnerability
Hubspot is a widely used SaaS marketing platform to email all your customers, collect data about them and attract new customers. It's is common practice to keep customer lists in Hubspot to send newsletters or other email communication. Hubspot has hardcoded roles that grant users access to vario...
Sucuri: Usage of HTTP for exporting graph data as images
Whenever a user of waf.sucuri.net exports his reports graph data as a png, an unencrypted request is sent over to export.highcharts.com. This enables a mitm-able attacker to sniff and|or replace exported image. Also, the whole practice of offloading potentially private user data to an unrelated...
MGASA-2013-0238 Updated phpmyadmin packages fix security vulnerabilities
Using a crafted SQL query, it was possible to produce an XSS on the SQL query form PMASA-2013-8CVE-2013-4995. In the setup/index.php, using a crafted hash with a Javascript event, untrusted JS code could be executed. In the Display chart view, a chart title containing HTML code was rendered...
Local file inclusion vulnerability.
PMASA-2013-4 Announcement-ID: PMASA-2013-4 Date: 2013-04-24 Summary Local file inclusion vulnerability. Description In the Export feature, a parameter specifying the export type was not correctly validated, opening the door to a local file inclusion attack. Severity We consider this vulnerability...
CVE-2008-2226
Unspecified vulnerability in the export feature in OpenKM before 2.0 allows remote attackers to export arbitrary documents via unspecified vectors. NOTE: some of these details are obtained from third party information...